USER AUTHENTICATION METHOD BASED ON THE UTILISATION OF BIOMETRIC IDENTIFICATION TECHNIQUES AND RELATED ARCHITECTURE

The present invention refers in general to the field of secure authentication systems. More particularly, the present invention refers to a user authentication method based on the utilisation of biometric identification techniques and related architecture.

Authentication is the process by which an entity, such as a financial institution, a bank, etc., identifies and verifies its customers or users to itself and identifies and verifies itself to its customers or users.

Authentication includes the use of physical objects, such as cards and/or keys, shared secrets, such as Personal Identification Numbers (PINs) and/or passwords, and biometric technologies such as voice prints, photos, signatures and/or fingerprints. Biometric tasks include, for example, an identification task and a verification task. The verification task determines whether or not the person claiming an identity is really the person whose identity has been claimed.

The identification task determines whether the biometric signal, such as a fingerprint, matches that of someone already enrolled in the system.

Various biometrics have been considered for use with smart cards, such as fingerprints, hand prints, voice prints, retinal images, handwriting samples and the like.
An example of a biometric-based smart card is shown in US-A-5,280,527, describing a credit card sized token (referred to as biometric security apparatus) containing a microchip, in which a sample of the authorised user's voice is stored. In order to gain access to an account, the user must insert the token into a designated slot of an ATM, and then speak with the ATM. If a match is found between the user's voice and the sample enrolment of the voice stored into the microchip, access to the account is granted.

Although the system disclosed in US-A-5,280,527 reduces the risks of unauthorised access compared with conventional PIN-based systems, to the extent that the credit card and the microchip disposed therein can be tampered with, the system does not provide the level of reliability and security that is often required in today's financial transactions.

In WO-A-0139134 a security system is further disclosed, comprising: a central unit with a biometric sensor to detect biometric data representing characteristic biometric features of a person; at least one portable data carrier; a memory means for storing biometric reference data representing the biometric reference features of the person in the system; a control system capable of generating an authorisation signal to control a functional unit depending on a comparison between the biometric data detected by the sensor and the reference data.

In the security system proposed in such document, the reference data, that are compared with the biometric data detected by the sensor to ascertain the authenticity of the user, are not wholly stored into the data carrier, in the conventional manner, but are split, partly in the data carrier and partly in the reading device. Only the combination of data carrier and reading device will produce the complete information needed for authentication.

The invention is particularly advantageous if the biometric sensor is a fingerprint sensor. A fingerprint sensor determines the locally resolved position of minutiae of the fingerprint. The minutiae are singular points of the papillary lines of a fingerprint. These might be end points, branches or similar points of the papillary lines of the fingerprint. The local position is determined by the distance (radius) from a reference point and the angle relative to a reference direction.

In order to personalise the data carrier, the fingerprint of the data carrier owner is reproduced and appropriate reference values are determined for radius and angle. These values are then stored into the system. For practical purposes, the radius reference data are stored only on the data carrier and the angle reference data are stored only on the reading device. Alternatively, the angle reference data are stored in the data carrier and the distance reference data are stored on the reading device.

The Applicant faced the problem of realising a method for authenticating users based on the use of biometric identification techniques that is secure, independent from the biometric identification technique used and that protects user privacy.

The Applicant has observed that the above-described problem can be solved by a user authentication method based on the use of biometric identification techniques comprising the steps of: generating a reference biometric template from a first biometric image of a user to be authenticated and, afterwards, splitting the reference biometric template into a first and a second reference biometric template portion, said first and second reference biometric template portion being separable. The first and the second reference biometric template portion are then signed, enciphered and stored in different memories.

More specifically, a user authentication method based on the use of biometric identification techniques comprises an enrolment step and a verification step, said enrolment step including the steps of:

- generating a reference biometric template from a first biometric image of a user to be authenticated;

- splitting said reference biometric template into a first and a second reference biometric template portion;

- enciphering said first and second reference biometric template portion; and

- storing each one of said reference biometric template portions into a different memory.

Another aspect of the present invention refers to an architecture based on the use of biometric identification techniques comprising:

- at least one data enrolment system for generating a reference biometric template from a first biometric image of a user to be authenticated, said data enrolment system comprising a Host Computer for splitting said reference biometric template into a first and a second reference biometric template portion that are physically separable and for enciphering said first and second reference biometric template portion;

- at least one portable data carrier associated with said user to be authenticated, said data carrier comprising a memory for storing said first signed and enciphered reference biometric template portion; and

- at least one data verification system comprising a memory for storing said second signed and enciphered reference biometric template portion.
Another aspect of the present invention refers to a portable data carrier associated with a user that has to be authenticated through a user authentication architecture, said data carrier including a microprocessor comprising a memory for storing a first reference biometric template portion associated with said user to be authenticated, said first reference biometric template portion being signed and enciphered, said portable data carrier being adapted to receive as input, from said user authentication architecture, a second reference biometric template portion and a live template associated with said user to be authenticated, said second reference biometric template portion and said live template being signed and enciphered, said microprocessor further comprising:

- a processing logic for deciphering said first and second reference biometric template portion and for recomposing therefrom said reference biometric template associated with said user to be authenticated;

- a comparing logic for comparing said recomposed reference biometric template with said live template and sending a result of said comparison to said user authentication architecture.

Another aspect of the present invention refers to a data verification system comprising an electronic device and a portable data carrier associated with a user that has to be authenticated, said data carrier being adapted to store a first reference biometric template portion associated with a user to be authenticated, said first reference biometric template portion being signed and enciphered;

said electronic device comprising:

- a memory adapted to store a second reference biometric template portion associated with a user to be authenticated, complementary with said first portion, said second reference biometric template portion being signed and enciphered;

- an image acquiring and processing device for generating a live template;

said electronic device being adapted to encipher and sign said live template, transmit said second reference biometric template portion and said live template to said portable data carrier and authenticate said user depending on the result of a comparison performed by said data carrier between said live template and a reference biometric template of said user to be authenticated, said reference biometric template being recomposed by using said first and second reference biometric template portion.

A further aspect of the present invention deals with a computer program product that can be loaded in the memory of at least one electronic processor and comprising portions of software code to perform the process according to the invention when the product is executed on a processor; in this context such wording must be deemed equivalent to the mention of a means readable by a computer comprising instructions to control a network of computers in order to perform a process according to the invention. The reference to "at least one electronic processor" is obviously aimed to point out the possibility of carrying out the solution according to the invention in a de-centralised context.

Further preferred aspects of the present invention are disclosed in the dependent claims and in the present description.

The features and the advantages of the present invention will result from the following description of an embodiment, provided as a non-limiting example, with reference to the enclosed drawings, in which:

- figure 1 is a schematic representation of a user authentication architecture according to the invention;

- figure 2 shows a flow diagram related to implementing a first step of a user authentication method according to the invention; and

- figure 3 shows a flow diagram related to implementing a second step of the user authentication method according to the invention.

With reference to figure 1, the user authentication method according to the invention is applied to a user authentication architecture 1 comprising a data enrolment system 2, a data verification system 3 and a portable data carrier 4, this latter one belonging to a user that has to be authenticated. The data carrier 4 can be a substrate whose shape is substantially rectangular, such as for example an access card, a credit card, a debit card, an identification card, a smart card, a SIM card. The data carrier 4 is equipped with a microprocessor 5 including a processing logic 5a, a comparing logic 5b and a memory 6.

Again with reference to figure 1, in a preferred embodiment, the data enrolment system 2 comprises a Host Computer 7, for example a personal computer, a business computer, etc., having enough memory 7a to store biometric data of a user that has to be authenticated. The data enrolment system 2 can also include an image acquiring and processing device 8, connected to the Host Computer 7, and a data reading/writing device 60, also connected to the Host Computer 7, realising the interface with the data carrier 4. The data reading/writing device 60 can be, for example, a smart card reader, if the data carrier 4 is a smart card, or a cellular phone, if the data carrier 4 is a SIM card.

Specifically, the image acquiring and processing device 8 includes: a sensor 9 of the biometric type, for example a television camera, to detect a first biometric image (i.e., biometric data sample) of the user that has to be authenticated, for example a face template; an image processor 10, connected between sensor 9 and Host Computer 7, to generate a reference biometric template from the user biometric image detected through sensor 9.

Preferably, the data enrolment system 2 is a separate system from the data verification system 3 and is placed in a secure environment.

In a preferred embodiment, the data verification system 3 comprises an electronic device 11, for example a personal computer, a palmtop computer, a cellular telephone, a hand-held PC, a smart phone, having enough memory 11a to store biometric data of a user that has to be authenticated.
The data verification system 3 can also comprise: a data base, of a known type and therefore not shown in figure 1, managed by a remote system connected to the electronic device 11; an image acquiring and processing device 12; a data reading/writing device 61 realising the interface with the data carrier 4. The image acquiring and processing device 12 and the data reading/writing device 61 are both connected to the electronic device 11. Moreover, the data reading/writing device 61 can be, for example, a smart card reader, if the data carrier 4 is a smart card, or a cellular phone, if the data carrier 4 is a SIM card.

Specifically, the image acquiring and processing device 12 comprises: a sensor 13, of the biometric type, for example a television camera, to detect a second biometric image (the face template) of the user that has to be authenticated. The image acquiring and processing device 12 also includes an image processor 14, connected between sensor 13 and electronic device 11, to generate a live template from the user biometric image detected through the sensor 13. The electronic device 11 can also comprise a processing logic (not shown in figure 1) able to read and interpret the result of the comparison operation between reference biometric template and live template performed by the data carrier 4, as will be described in more detail below.

It is to be remarked that, in the following description, for enciphering and deciphering biometric data, cryptographic algorithms of the asymmetric type, for example the RSA algorithm, are preferably used. In particular, these algorithms are based on the use of two different keys in the data enciphering and deciphering steps and on the existence of a PKI (Public Key Infrastructure), for example based on standard X.509 described in R. Housley, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459, 1999.

The user authentication method, according to the invention, will now be described with reference to the flow diagrams shown in figures 2-3.

In a preferred embodiment, the method according to the invention comprises an enrolment step 20, performed by the data enrolment system 2 and shown in figure 2, and a verification step 40, performed by the data verification system 3 and the data carrier 4 and shown in figure 3.

With reference to figure 2, initially the enrolment step 20 provides an initialisation step 21 of the data enrolment system 2, of the data verification system 3 and of the data carrier 4.

Specifically, the initialisation step 21 provides:

- storing, in the memory 7a of Host Computer 7, a pair of public KEpub and private KEpr keys associated with the data enrolment system 2, the related digital certificate Ce containing the public key KEpub, signed with the private key issued by a secure Certification Authority and, possibly, the digital certificate Cac of the same Certification Authority;

- storing, in the memory 6 of data carrier 4, a pair of public KUpub and private KUpr keys associated with the user to be authenticated, the related digital certificate Cu containing the public key KUpub signed with the private key of the secure Certification Authority and, possibly, the digital certificate Cac of the same Certification Authority. Alternatively, the data carrier 4 initialisation can provide for the generation of the pair of public and private keys KUpub, KUpr aboard the data carrier 4 itself (on-card) and the transmission of the certification request for the public key KUpub to the secure Certification Authority. The initialisation process is then finalised by installing the user digital certificate on the data carrier 4 and distributing the related certificate to the data enrolment system 2 and the data verification system 3. All these operations can be performed in the microprocessor 5; and

- storing, in the memory 11a of electronic device 11, a file containing a pair of public KVpub and private KVpr keys associated with the data verification system 3, the related digital certificate Cv containing the public key KVpub signed with the private key issued by the secure Certification Authority and, possibly, the digital certificate Cac of the same Certification Authority.

The enrolment step 20 then proceeds with detecting, through the sensor 9, a first biometric image of the user to be authenticated (block 22). Afterwards, the first biometric image is transferred to the image processor 10 that generates the reference biometric template (block 23).

The reference biometric template is then stored into the memory 7a of the Host Computer 7 (block 24).
Afterwards, the Host Computer 7 decomposes the reference biometric template into a first and a second reference biometric template portion (block 25), using a splitting algorithm that will be described in more detail herein below, and then destroys the original copy of the reference biometric template (block 26).

At this time, the Host Computer 7 signs the first and the second reference biometric template portion with the private key KEpr of the data enrolment system 2 (block 27) and then enciphers the two portions with the public key KUpub of the user to be authenticated (block 28).

Afterwards, the Host Computer 7 transfers the first reference biometric template portion onto the data carrier 4 (block 29). Here, the first reference biometric template portion is stored into a protected area 6a (shown in figure 1) of the memory 6 (block 30). For example, the memory area 6a can be protected through a PIN.

Communication between data enrolment system 2 and data carrier 4 can occur for example through the communication protocol implemented in the reading/writing device 60. The reading/writing device 60 is also equipped with a logic (an application program) that checks the data transfer.

The second reference biometric template portion is instead transferred and stored into the memory 11a of the electronic device 11 (block 31).

Alternatively, the second reference biometric template portion can be transferred and stored into the data base.



Empf.zeit: 07/05/2004 15:48   Empf.nr.: 665   P.02

07/05 2004 15:49 FAX +33 0284423190 PIRELLI IND. PROP. DEPT. E.P.O. MONACO 022/047

The transfer of the second reference biometric template portion from data enrolment system 2 to electronic device 11, or to the data base, can occur by using methods of the OOB ("Out Of Band") type. In particular, these methods assume that data are not transferred over a network, but are transferred using alternative communication channels, such as, for example, a telephone channel or traditional mail.

Less preferably, the transfer of the second reference biometric template portion can occur through a modem or a communication network, for example a TCP/IP or GSM network.

With reference now to figure 3, the verification step 40 starts when a user, by entering the data carrier 4 into the data reading/writing device 61, asks the user authentication architecture 1 to be authenticated (block 40a). Under these conditions, the data verification system 3, through the sensor 13, detects a second biometric image of the user that has to be authenticated (block 41). This second biometric image is then transferred to the image processor 14 that generates the live template (block 42). Afterwards, the live template is sent to the electronic device 11 that signs it with the private key KVpr of the data verification system 3 and enciphers it with the public key KUpub of the user (block 43).

At that time, the electronic device 11, through the reading/writing device 61, transmits to the data carrier 4 both the live template and the second reference biometric template portion, this latter one stored locally or recovered from the data base, enclosing a univocal Nonce (namely a random value, used a single time in a cryptographic scheme) to guarantee the authenticity of the current data verification session (block 44). The univocal Nonce is also enciphered and signed. Such operation guarantees for example the protection from the so-called replay attacks (attacks where the attacking person is an authorised user that re-proposes to the system, in a following authentication session, a previously positive authentication session as regards the interested user).

Communication between data verification system 3 and data carrier 4 can occur for example through the communication protocol implemented in the reading/writing device 61. The reading/writing device 61 is also equipped with a logic (an application program) that checks the data transfer.

Afterwards, the data carrier 4, using its own private key KUpr, deciphers the second reference biometric template portion and checks its signature by using the public key KEpub of the data enrolment system 2 (block 45). In case of check success, the data carrier 4, through a recomposition algorithm, stored into the memory 6 and shown below, recomposes the reference biometric template (block 46) using the now deciphered second reference biometric template portion and the first reference biometric template portion, stored into the protected memory area 6a.

Afterwards, the data carrier 4, using its own private key KUpr, deciphers the live template transmitted by the data verification system 3 and checks its signature by using the public key KVpub of the data verification system 3 (block 47).
If all previously-described check operations, realised through the processing logic 5a of the microprocessor 5, have a positive result, the data carrier 4 performs a comparison operation between the reference biometric template and the live template (block 48).

Preferably, the comparison operation is performed by the comparing logic 5b of the microprocessor 5 as an atomic operation using known comparison functions depending on the biometric identification techniques used. For example, for the face template, as comparison functions, those provided in the Principal Component Analysis (Eigenfaces) or Local Features Analysis, or Neural Networks or 3D or Gabor wavelet, etc. techniques can be used.

Afterwards, the data carrier 4 transfers to the data verification system 3 the comparison operation result together with the univocal Nonce previously received from the data verification system itself (block 49).

The comparison operation result and the univocal Nonce can for example be sent as a message signed with the user private key KUpr and enciphered with the public key KVpub of the data verification system 3.

At this time, the electronic device 11, using the private key KVpr of the data verification system 3, deciphers the message sent thereto by the data carrier 4, checks its signature, and, depending on the comparison operation result, grants or denies the user access to the required service (block 50).
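The session binding of blocks 44, 49 and 50 as an added example (not code from the patent): the verifier issues a fresh nonce per session, the data carrier returns the comparison result and that nonce in one signed message, and the verifier accepts a result only once and only for a nonce it issued, so a replayed positive session is refused. An HMAC under a per-party key stands in for the RSA signature because the standard library has no RSA, the enciphering step is left out, and the class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
RESULT_MATCH = b"MATCH"
RESULT_NO_MATCH = b"NOMATCH"


def sign(key: bytes, message: bytes) -> bytes:
    """Stand-in for the RSA signature of the page: HMAC-SHA256 under the signer's key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def card_result_message(card_key: bytes, matched: bool, nonce: bytes) -> tuple[bytes, bytes]:
    """Data carrier side of block 49: the comparison result (block 48) and the
    nonce received in block 44 go into one message that is signed as a unit, so
    neither part can be swapped for another without invalidating the tag."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce has the wrong length")
    body = (RESULT_MATCH if matched else RESULT_NO_MATCH) + nonce
    return body, sign(card_key, body)


class VerificationSession:
    """Data verification system 3 side of blocks 44 and 50 (model)."""

    def __init__(self, card_key: bytes) -> None:
        self.card_key = card_key                 # stands in for the user's KUpub
        self.outstanding: set[bytes] = set()     # nonces issued, result not yet seen
        self.consumed: set[bytes] = set()        # nonces of finished sessions

    def issue_nonce(self) -> bytes:
        """Block 44: a fresh univocal nonce that is valid for this session only."""
        nonce = secrets.token_bytes(NONCE_LEN)
        self.outstanding.add(nonce)
        return nonce

    def decide(self, body: bytes, tag: bytes) -> bool:
        """Block 50: grant access only if the message is authentic, carries a
        nonce this verifier issued and has not yet consumed, and reports a match.
        A nonce is consumed on any authentic answer, matching or not, so the same
        positive result cannot be presented a second time."""
        if not hmac.compare_digest(sign(self.card_key, body), tag):
            return False                         # forged or altered message
        result, nonce = body[:-NONCE_LEN], body[-NONCE_LEN:]
        if nonce in self.consumed:
            return False                         # replay of an earlier session
        if nonce not in self.outstanding:
            return False                         # nonce was never issued here
        self.outstanding.discard(nonce)
        self.consumed.add(nonce)
        return result == RESULT_MATCH


def demo() -> list[bool]:
    """Constructed walk-through: a genuine session, a replay of it, and a message
    signed under the wrong key. Returns the three access decisions."""
    card_key = secrets.token_bytes(32)
    verifier = VerificationSession(card_key)
    outcomes = []
    nonce = verifier.issue_nonce()
    body, tag = card_result_message(card_key, True, nonce)
    outcomes.append(verifier.decide(body, tag))          # True: genuine match
    outcomes.append(verifier.decide(body, tag))          # False: replayed result
    nonce2 = verifier.issue_nonce()
    body2, tag2 = card_result_message(secrets.token_bytes(32), True, nonce2)
    outcomes.append(verifier.decide(body2, tag2))        # False: wrong signer
    return outcomes


if __name__ == "__main__":
    print(demo())
```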

In case a data base is used for storing the second reference biometric template portion, it is necessary to make secure also the communication between electronic device 11 and the remote data base managing system. This can be obtained by using, for example, the previously-described authentication, privacy and non-repudiation cryptographic mechanisms, in order to guarantee the authentication of the involved parties, in addition to integrity and privacy of transferred data.

Moreover, the remote data base managing system can use access control methods, of the Access Control List type (with user authentication through userID and password or through digital certificates) to guarantee a secure access to data contained in the data base.

Preferably, the splitting algorithm used by the data enrolment system 2 to split the reference biometric template into the two portions of reference biometric template is a secret splitting algorithm, that can be used in the cryptographic techniques of the "secret sharing scheme" type. In this case a secret is divided into N parts, securely transferred to N entities with the property that, starting from a single part of the secret, the original cannot be rebuilt. An algorithm of this type is for example described in Feistel, "Cryptographic Coding for Data-Bank Privacy", IBM Research, New York, 1970.
More in detail, the splitting algorithm comprises an enrolment step in which the data enrolment system 2 that created the template t (the reference biometric template) generates a random number t1 (the first reference biometric template portion) of the same size (length) as the template t. Afterwards the data enrolment system 2 applies a XOR function to t and t1, to generate a value t2 (the second reference biometric template portion), namely:

t XOR t1 = t2

t1 is then stored in a protected mode (that provides for signature and enciphering) on the data carrier 4 while t2 is stored in a protected mode (that provides for signature and enciphering) on the data verification system 3 or in the central data base.

The recomposition algorithm for the template t, used by the data carrier 4 to recompose the template t from t1 and t2, is, mathematically, the reverse function of the previously-described splitting algorithm. In particular, the data carrier 4, after having obtained t2, performs the XOR between t1 and t2, rebuilding the original value of the template t, namely:

t1 XOR t2 = t

If all described operations are correctly performed, the technique is secure since by possessing a single part, t1 or t2, it is not possible to obtain the template t: t1 is uniformly random, so t2 = t XOR t1 is itself uniformly random and, on its own, carries no information about t.

The advantages that can be obtained with the described user authentication method are as follows.

Firstly, the user authentication method is secure since a hacker that tries to violate either the data carrier 4 or the data verification system 3 does not obtain enough elements to go back to the reference biometric template, since this latter one is partly stored in the data carrier 4 and partly in the data verification system 3. In this way, both user privacy compliance and the chance of using the same biometric technique also in case of violation/corruption of only one part of the reference biometric template are guaranteed. In fact, the reference biometric template is a piece of information depending on the used biometric technique: by applying the same biometric technique to the image of the same person, a reference biometric template is obtained that is very similar to the original one. Therefore, if the whole reference biometric template falls in the hands of a hacker, this latter one could use it for disguising as the user enabled to the service, impairing the used biometric technique. Moreover, it is plausible that, through a reverse-engineering process, the hacker can go back to the mode used by the biometric technique to produce the reference biometric template. In this way, the relevant biometric technique is no longer secure.
Moreover, the user authentication method according to the invention is also advantageous in case the authentication is mandatory for the access to an on-line service, in which the operator providing the service controls the data verification system 3. In fact, the operator offering the service can go on keeping the control over the verification of the users because, according to the invention, both data carrier 4 and data verification system 3 concur in performing the verification step in a secure way that cannot be repudiated (the non-repudiation of a session implies the impossibility for a user to deny having participated in the session itself).

Moreover, the global security provided by the user authentication method according to the invention is further increased by the fact that the creation logic of the reference biometric template does not reside on the data carrier 4 but on the data enrolment system 2 that, preferably, is a separate system from the data verification system 3 and placed in a secure environment. On the data carrier 4 there are only the processing logic 5a that recomposes the reference biometric template and also performs the suitable cryptographic operations and the comparing logic 5b computing the correlation between reference biometric template and live template.

It is finally clear that to the herein described and shown user authentication method and its related architecture numerous modifications and variations can be made, all falling within the scope of the inventive concept, as defined in the enclosed claims.

For example, biometric techniques can be used that are different from face recognition, such as fingerprints, hand prints, voice templates, retinal images, calligraphic samples and the like.

Furthermore, the splitting algorithm used by the data enrolment system 2 can split the template t in n portions, where n >= 2 (e.g., t1, t2, ..., tn), with the property that it is impossible to obtain t from an arbitrary number i of its portions t1, t2, ..., ti, where i < n. In other words, only all the portions t1, t2, ..., tn combined together can recompose the original template t. The size of the single portions can vary: depending on the chosen splitting algorithm they might not equal the size of the template t.

Moreover, the user authentication method according to the invention can be applied to different scenarios, such as for example:

- Stand Alone scenario, in which the user authentication method according to the invention is used to protect the access to the data verification system 3 (e.g. login to personal computer, palmtop, cellular phone-SIM) by a user provided with the data carrier 4;

- client-server scenario, in which the client side comprises the data carrier 4, preferably realised as a SIM card, and a client portion of the data verification system 3, while the server side comprises a server portion of the data verification system 3; in particular, the server portion of the data verification system 3 can coincide or not with a central server (for example the server offering the required service). In this case, the client portion of the data verification system 3 can perform a more or less active role in the authentication process. For example, the client portion of the data verification system 3 can perform the function of detecting the biometric image of the user that has to be authenticated, then transferring it to the central server to which instead the live template generation is entrusted; the central server will then take care of transferring the live template to the client portion of the data verification system 3.

Alternatively, the client portion of the data verification system 3 can also generate the live template.

In both scenarios taken into account, the comparison operation between reference biometric template and live template is performed on the data carrier 4, so the recomposed reference biometric template never leaves the data carrier 4. The result of this operation is then transferred in a secure way (for example enciphered and signed) to the central server, which decides whether or not to grant the authorisation.

With reference to the client-server authentication scenario, if the central server plays an active role in the authentication process, the reference biometric template can be split, for example, in three portions: t1 stored on the data carrier 4, t2 stored on the central server 15, included in the server portion 3a of the data verification system 3, and t3 stored on the client portion 3b of the data verification system 3, as illustrated in figure 4. Alternatively, the portion t3 of the reference biometric template can also be stored on the server portion 3a. Interaction between all the systems is required for template recomposition and template verification.

According to the application's specific requirements, the configuration described above can also be extended to an arbitrary number of systems, each of them storing a respective portion of the split reference biometric template. In this case, an extended version of the previously described splitting algorithm can be used (see for example the book "Applied Cryptography", Second Edition, Chapter 3, pages 70-71, author Bruce Schneier, published by John Wiley and Sons Inc).

Specifically, for n systems involved (n >= 2), n-1 random strings are generated, at an enrolment step, having the same length as the original template t. These n-1 random strings are then XORed with the template t for obtaining the n-th random string of the shared template. Each of these random strings is then distributed to the respective system and the original template t is subsequently destroyed. At a verification step all these random strings should be present to recompose the original template t.
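As an added example (not code from the patent), the n-of-n XOR sharing just described in Python: n-1 random strings of the template's length are drawn, the n-th string is t XORed with all of them, the enrolment system's copy of t is destroyed after the split, and all n strings are needed to recompose. The template bytes and the function names are constructed for this example.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two byte strings of equal length."""
    if len(a) != len(b):
        raise ValueError("every portion must have the same length as the template")
    return bytes(x ^ y for x, y in zip(a, b))


def split_template(t: bytes, n: int) -> list[bytes]:
    """n-of-n sharing as in the text: n-1 random strings r_1..r_{n-1} of len(t)
    are drawn, and the n-th string is t XOR r_1 XOR ... XOR r_{n-1}."""
    if n < 2:
        raise ValueError("n must be >= 2")
    portions = [secrets.token_bytes(len(t)) for _ in range(n - 1)]
    portions.append(reduce(xor_bytes, portions, t))
    return portions


def recompose_template(portions: list[bytes]) -> bytes:
    """XOR of all n portions gives back t; with any single portion missing the
    result is a uniformly random string unrelated to t."""
    return reduce(xor_bytes, portions)


def enrol(template: bytearray, n: int) -> list[bytes]:
    """Enrolment step: split the template, then destroy the original copy
    (overwritten in place) before the portions are handed to the n systems."""
    portions = split_template(bytes(template), n)
    template[:] = bytes(len(template))  # destroy t at the enrolment system
    return portions


if __name__ == "__main__":
    # Constructed sample template; a real one would be the face feature vector.
    t = bytearray(b"constructed-reference-template-0")
    portions = enrol(t, 3)
    print(all(b == 0 for b in t))        # original destroyed after the split
    print(recompose_template(portions))  # all three portions give t back
```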
A further scenario including n systems, each of them storing a respective portion of the original template t, can require a template sharing scheme in which only m systems, with n > m >= 2, are involved in the template recomposition and verification. A sharing scheme of this type is for example described in Shamir, "How to share a secret", Communications of the ACM, 22 (1979), pp. 612-613.

More specifically, in this sharing scheme, called (m,n)-threshold scheme, the template t is divided into n portions so that only m of them are needed to recompose the original template t. For example, as shown in figure 5, with a (3,4)-threshold scheme, the data enrolment system 2 can split the template t among the data carrier 4 (t1), the server portion 3a of the data verification system 3, comprising, for example, the central server 15 (t2) and a backup server 16 (t4), and the client portion 3b of the data verification system 3 (t3), so that only three of these systems are needed to recompose the original template t. In this way, if the central server 15 is temporarily unavailable (or it has been compromised by an attack) the backup server 16 can replace it in the template recomposition.
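As an added example (not the patent's code), an (m,n)-threshold split of a constructed template over GF(2^8) in the style of Shamir's scheme, set up for the (3,4) scenario above: the data carrier 4, the central server 15, the backup server 16 and the client portion 3b each hold one portion, any three recompose t, and a request with fewer than three is refused. The share-index assignment and the function names are my own.

```python
import secrets

# Share index (x coordinate) held by each system of the (3,4) scenario.
# The assignment is constructed for this example; the patent only names the systems.
SYSTEMS = {"data carrier 4": 1, "central server 15": 2,
           "backup server 16": 3, "client portion 3b": 4}


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11b
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 = 1 for every non-zero a)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def split_threshold(t: bytes, m: int, n: int) -> dict[int, bytes]:
    """(m,n)-threshold sharing: per byte, a random polynomial of degree m-1
    whose constant term is the byte; system x receives f(x) for each byte."""
    if not 2 <= m <= n <= 255:
        raise ValueError("need 2 <= m <= n <= 255")
    portions = {x: bytearray() for x in range(1, n + 1)}
    for byte in t:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(m - 1)]
        for x, out in portions.items():
            y, x_pow = 0, 1
            for c in coeffs:  # evaluate f(x) = sum c_i * x^i in GF(2^8)
                y ^= gf_mul(c, x_pow)
                x_pow = gf_mul(x_pow, x)
            out.append(y)
    return {x: bytes(p) for x, p in portions.items()}


def recompose_threshold(portions: dict[int, bytes], m: int) -> bytes:
    """Lagrange interpolation at x = 0 over any m (or more) portions.
    Fewer than m portions are refused: they carry no information about t."""
    if len(portions) < m:
        raise ValueError(f"{len(portions)} portions given, threshold is {m}")
    xs = list(portions)
    length = len(next(iter(portions.values())))
    out = bytearray()
    for i in range(length):
        acc = 0
        for xj in xs:
            lj = 1  # Lagrange basis L_j(0) = prod_k x_k / (x_j + x_k), char 2
            for xk in xs:
                if xk != xj:
                    lj = gf_mul(lj, gf_mul(xk, gf_inv(xj ^ xk)))
            acc ^= gf_mul(portions[xj][i], lj)
        out.append(acc)
    return bytes(out)


def recompose_from_systems(all_portions: dict[int, bytes], available: list[str], m: int = 3) -> bytes:
    """Recompose t from the portions of the systems that answered, e.g. with the
    backup server 16 standing in for an unavailable or compromised central server 15."""
    return recompose_threshold({SYSTEMS[s]: all_portions[SYSTEMS[s]] for s in available}, m)
```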

The same security considerations regarding the protection of the information exchanged between the systems involved in the template recomposition are valid for the configurations described above, i.e. all the template portions are digitally signed and enciphered, before transmission, using the appropriate private and public keys.

Further, in each one of the above described scenarios, all the communication channels between the systems are protected by means of public key cryptography methods like the ones previously described. Thus, all the request/response messages exchanged by the systems are signed and enciphered using the appropriate private and public keys. These messages can also include a nonce for protection against replay attacks.

For increasing the privacy, the comparison operation between the reference biometric template and the live template is performed on the data carrier 4 but, depending on the specific application requirements, it can also be performed outside the data carrier 4, for example, by the data verification system 3 (client portion or server portion).
Moreover, the Applicant outlines that biometric reference template splitting and its secure storing in the described distributed manner ensure increased resistance to template-directed attacks and hence guarantee the privacy of the users.
Conventional security mechanisms (possibly based on the use of asymmetric cryptography) may also be used to guarantee the authenticity of the parties that take part in the secret sharing scheme and the confidentiality of the communication channels used.
1. User authentication method based on the use of identification biometric techniques comprising an enrolment step (20) and a verification step (40), said enrolment step (20) including the steps of:

- generating (22, 23) a reference biometric template from a first biometric image of a user to be authenticated;

- splitting (25) said reference biometric template into a first and a second reference biometric template portion;

- enciphering (27, 28) said first and second reference biometric template portion; and

- storing (29, 30, 31) each one of said reference biometric template portions into a different memory.

2. Method according to Claim 1, characterised in that said step of storing each one of said reference biometric template portions into a different memory comprises the steps of:

- transmitting (29) said first reference biometric template portion from a first system (2) to a device (4), said first system (2) operating in said enrolment step (20);

- storing (30) said first reference biometric template portion into a memory (6) of said device (4), said device (4) operating in said verification step (40);

- transmitting (31) said second reference biometric template portion from said first system (2) to a second system (3), said second system (3) operating in said verification step (40); and

- storing (31) said second reference biometric template portion into a memory (11a) of said second system (3).

3. Method according to any one of Claims 1 or 2, characterised in that said verification step (40) comprises the steps of:

- generating (41, 42) a live template from a second biometric image of said user to be authenticated;

- enciphering (43) said live template; and

- transmitting (44) said live template and said second reference biometric template portion to said device (4).

4. Method according to Claim 3, characterised in that said verification step (40) comprises the steps of:

- deciphering (45, 47) said live template and said second reference biometric template portion;

- recomposing (46) said reference biometric template from said first and second reference biometric template portion; and

- comparing (48) said recomposed reference biometric template with said live template.

5. Method according to Claim 4, characterised in that said verification step (40) comprises the steps of:

- sending (49) a result of said comparison to said second system (3); and

- authenticating (50) or not authenticating said user depending on said result.

6. Method according to any one of Claims 2-5, characterised in that said step of splitting said

reference biometric template into a first and a second reference biometric template portion comprises the step of:

- destroying said biometric template, performed by said first system (2).

7. Method according to any one of Claims 2-6, characterised in that said step of enciphering (27, 28) said first and second reference biometric template portion comprises the steps of:

- storing (21) a first and a second key (KEpub, KEpr) and a related digital certificate (CE) into a memory (7a) of said first system (2), said first and second keys (KEpub, KEpr) being respectively a public key (KEpub) and a private key (KEpr) associated with said first system (2);

- storing (21) a first and a second key (KUpub, KUpr) and a related digital certificate (CU) into said memory (6) of said device (4), said first and second keys (KUpub, KUpr) being respectively a public key (KUpub) and a private key (KUpr) associated with said user to be authenticated;

- signing (27) said first and second reference biometric template portion with said private key (KEpr) of said first system (2); and

- enciphering (28) said first and second reference biometric template portion with said public key (KUpub) of said user to be authenticated.

8. Method according to any one of Claims 3-7, characterised in that said step of transmitting said live template and said second reference biometric template portion to said device (4) comprises the steps of:

- generating an aleatory value associated with the current data verification step (40), said aleatory value guaranteeing the authenticity of said current data verification step (40);

- signing and enciphering said aleatory value; and

- transmitting said aleatory value to said device (4).

9. Method according to Claims 7 or 8, characterised in that said step of enciphering said comparison biometric template comprises the steps of:

- storing a first and a second key (KVpub, KVpr) and a related digital certificate (CV) into said memory (11a) of said second system (3), said first and second keys (KVpub, KVpr) being respectively a public key (KVpub) and a private key (KVpr) associated with said second system (3);

- signing (43) said live template with said private key (KVpr) of said second system (3); and

- enciphering (43) said live template with said public key (KUpub) of said user to be authenticated.

10. Method according to any one of Claims 8 or 9, characterised in that said step of deciphering said live template and said second reference biometric template portion comprises the steps of:

- deciphering the signature and the validity of said aleatory value;

- deciphering (45) said second reference biometric template portion with said private key (KUpr) of said user to be authenticated;

- verifying its signature (45);

- deciphering (47) said live template with said private key (KUpr) of said user to be authenticated; and

- verifying its signature (47).

11. Method according to any one of Claims , characterised in that said step of sending a result of said comparison to said second device (11) comprises the steps of:

- generating a message containing said result;

- enciphering said message.

12. Method according to any one of the previous claims, characterised in that said identification biometric techniques comprise at least one biometric identification technique of the type selected among: face recognition, fingerprints, hand prints, voice templates, retinal images, calligraphic samples.

13. Method according to any one of Claims 2-12, characterised in that said first and second system (2), (3) are respectively a data enrolment system and a data verification system and said device (4) is a data



14. Method according to Claim 1, characterised in that said step of splitting said reference biometric template includes the steps of:

- splitting said reference biometric template into a plurality of reference biometric template portions, at least some of said reference biometric template portions being used to recompose said reference biometric template.

15. User authentication architecture based on the use of biometric identification techniques comprising:

- at least one data enrolment system (2) for generating a reference biometric template from a first biometric image of a user to be authenticated, said data enrolment system (2) comprising a Host Computer (7) to split said reference biometric template into a first and a second reference biometric template portion and for enciphering said first and second reference biometric template portion;

- at least one portable data carrier (4) associated with said user to be authenticated, said data carrier (4) comprising a memory (6a) for storing said first signed and enciphered reference biometric template portion; and

- at least one data verification system (3) comprising a memory (11a) for storing said second signed and enciphered reference biometric template portion.

16. Architecture according to Claim 15, characterised in that said data carrier (4) comprises a microprocessor (5) including a processing logic (5a) for deciphering said first and second reference biometric template portion, verifying the signature and recomposing said reference biometric template from said first and second deciphered reference biometric template portion.

17. Architecture according to Claim 16, characterised in that said microprocessor (5) comprises a comparing logic (5b) to compare said recomposed reference biometric template with a live template generated by a second biometric image of the user to be authenticated, said second biometric image of the user to be authenticated being generated by the data verification system (3).

18. Portable data carrier (4) associated with a user that has to be authenticated through a user authentication architecture (1), said data carrier (4) including a microprocessor (5) comprising a memory (6) for storing a first reference biometric template portion associated with said user to be authenticated, said first reference biometric template portion being signed and enciphered, said portable data carrier being adapted to receive as input, from said user authentication architecture, a second reference biometric template portion and a live template associated with said user to be authenticated, said second reference biometric template portion and said live template being signed and enciphered, said microprocessor (5) further comprising:

- a processing logic (5a) for deciphering said first and second reference biometric template portions and for recomposing therefrom said reference biometric template associated with said user to be authenticated,

- a comparing logic (5b) for comparing said recomposed reference biometric template with said live template and sending a result of said comparison to said user authentication architecture (1).

19. Data carrier according to Claim 19, characterised in that it comprises a substrate whose sizes are substantially rectangular.

20. Data carrier according to any one of Claims 18 or 19, characterised in that said data carrier (4) is an access card or a credit card or a debit card or an identification card or a smart card or a SIM card.

21. Data verification system (3) comprising an electronic device (11) and a portable data carrier (4) associated with a user that has to be authenticated, said data carrier being adapted to store a first reference biometric template portion associated with a user to be authenticated, said first reference biometric template portion being signed and enciphered; said electronic device comprising:

- a memory (11a) adapted to store a second reference biometric template portion associated with a user to be authenticated, complementary to said first portion, said second reference biometric template portion being signed and enciphered;

- an image acquiring and processing device (12) for generating a live template;

said electronic device (11) being adapted to encipher and sign said live template, transmitting said second reference biometric template portion and said live template to said portable data carrier (4) and authenticating said user depending on the result of a comparison performed by said data carrier (4) between said live template and a reference biometric template of said user to be authenticated, said reference biometric template being rebuilt by using said first and second reference biometric template portion.

22. Data verification system (3) comprising an electronic device (11) and a portable data carrier (4) associated with a user that has to be authenticated, said data carrier being adapted to store a first reference biometric template portion associated with a user to be authenticated, said first reference biometric template portion being signed and enciphered, said electronic device comprising:

- a first memory (11a, 15) adapted to store a second reference biometric template portion associated with a user to be authenticated, said second reference biometric template portion being signed and enciphered;
- at least a second memory (11a, 16, 3b) adapted to store at least a third reference biometric template portion associated with a user to be authenticated, said third reference biometric template portion being signed and enciphered, wherein said first, second and at least third reference biometric template portions are such that the reference biometric template can be recomposed from a subset of at least two of said reference biometric template portions;

- an image acquiring and processing device (12) for generating a live template;

said electronic device (11) being adapted to encipher and sign said live template, transmitting said second reference biometric template portion and said live template to said portable data carrier (4) and authenticating said user depending on the result of a comparison performed by said data carrier (4) between said live template and a reference biometric template of said user to be authenticated, said reference biometric template being rebuilt by using said first and second reference biometric template portion.

23. Program for electronic processor that can be loaded into the memory of at least one electronic processor and including program codes for performing the steps of the method according to any one of Claims 1-14 when said program is executed by said electronic processor.
ABSTRACT

The present invention refers to a user authentication method based on the use of identification biometric techniques comprising the steps of:

- generating a reference biometric template from a first biometric image of a user to be authenticated;

- splitting the reference biometric template into a first and a second reference biometric template portion that can be physically separated;

- signing and enciphering the first and the second reference biometric template portion;

- storing the signed and enciphered first and second reference biometric template portion into different memories.

(Fig. 1)


